Cryptojacking only really coalesced as a class of attack about six months ago, but already the approach has evolved and matured into a ubiquitous threat. Hacks that co-opt computing power for illicit cryptocurrency mining now target a diverse array of victims, from individual consumers to massive institutions—even industrial control systems.
But the latest victim isn't some faceless internet denizen or a Starbucks in Buenos Aires. It's Tesla. Researchers published findings on Tuesday that some of Tesla's Amazon Web Services cloud infrastructure was running mining malware in a far-reaching and well-hidden cryptojacking campaign.Read more
India’s City Union Bank said on Sunday that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.
The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China. Chief Executive Officer N. Kamakodi called it a “conspiracy” involving multiple countries, and added the lender was still investigating how it had happened. “This is basically a cyber attack by international cyber criminals,” he told.Read more
The two people who hacked ride-hailing firm Uber’s data in 2016 were in Canada and Florida at the time, a company security executive told a U.S. congressional committee on Tuesday.
About 25 million people whose data was compromised in the breach live in the United States, Uber Technologies Inc chief information security officer John Flynn said in written testimony to a Senate Commerce Committee panel. Of those, 4.1 million were drivers, said Flynn, whose testimony described new details about the hack, the handling of which prompted newly appointed Uber Chief Executive Officer Dara Khosrowshahi to fire two top security officials.Read more
Hackers have hijacked the DNS server for BlackWallet, an online wallet application for the cryptocurrency Stellar Lumens (XLM), and drained users' accounts of hundreds of thousands of dollars. The attack reportedly took place on Saturday after hackers managed to hijack its DNS server, change the settings and redirect it towards their own third-party server.
"BlackWallet was compromised today after someone accessed my hosting provider account," the creator of BlackWallet said in a statement on Reddit. "He then changed the DNS settings to those of its fraudulent website (which was a copy of BlackWallet).Read more
When Stensul CEO Noah Dinkin visited a Starbucks in Buenos Aires recently, he probably didn’t expect to be served some sneaky cryptocurrency miner code along with his coffee. But thanks to the store’s internet provider, that’s exactly what he got.
“Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop?” Dinkin tweeted on December 2. “Feels a little off-brand.” Dinkin wrote that Bitcoin was the digital currency being mined, but CoinHive, the company that provided the code for the miner, only works with Monero, a competing coin.Read more
Security researchers have discovered a new database floating around the dark web that contains a whopping 1.4 billion user names and password combinations in clear text.
While scouring the dark web for stolen, leaked or lost data, researchers at 4iQ found the 41GB file with an interactive, aggregate database dubbed the largest ever found in the dark web to date. The 1.4 billion records have been aggregated from various sources, earlier data breaches and credential lists. A portion of the unencrypted passwords have been tested by the researchers and were verified to be true.Read more
The contents of a digital wallet belonging to cryptocurrency company NiceHash, which included potentially millions of dollars worth of customers' bitcoin, was stolen in a major security breach early Wednesday. The hack affected NiceHash's payment system, and the entire contents of the company's bitcoin wallet was stolen.
"Clearly, this is a matter of deep concern, and we are working hard to rectify the matter in the coming days," NiceHash said in the Facebook post. "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement, and we are cooperating with them as a matter of urgency."Read more
Uber disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.
The deal was arranged by the company’s chief security officer and under the watch of the former chief executive, Travis Kalanick, according to several current and former employees who spoke on the condition of anonymity because the details were private. The security officer, Joe Sullivan, has been fired. Mr. Kalanick was forced out in June, although he remains on Uber’s board. The two hackers stole data about the company’s riders and drivers.Read more
Bitcoin cruised past $8,000 for the first time this week, but it hasn’t been smooth sailing for all after Tether — a company that helps exchanges convert fiat currency to token — said today that a hacker snatched nearly $31 million.
Tether operates USDT, a cryptocurrency asset that it backs via the U.S. dollar. The company said that $30,950,010-worth of USDT was taken from its core treasury wallet “through malicious action by an external attacker.” In response Tether said it has flagged the tokens — meaning that it will track them and prevent the holder from exchanging them through its service — and that it is working to recover them.Read more
Security research firm Rhino Security Labs found a vulnerability in the Amazon Key in-home delivery service's security procedures that could allow either the courier or even a savvy and malicious bystander to enter your home undetected after the delivery is completed.
Amazon has promised to change how Key works in order to make it easier for you to tell when something unusual is happening in this event, but the changes proposed by Amazon don't necessarily resolve the vulnerability. Amazon Key is available to Amazon customers who have bought and installed Amazon's own Cloud Cam security camera and installed it at their front door.Read more